[LINUX] Limit ssh with iptables for each user

I asked the customer to use a certain server as a general user, but there was a requirement that it must not be usable as a stepping stone for SSH, so I handled this with iptables.


Limit ssh for each user with iptables

iptables -A OUTPUT -p tcp --dport 22 -m owner --uid-owner {USERNAME} -j DROP

This rule only matches destination port 22. If sshd on the other server listens on a different port, the rule has no effect, so change the --dport value as needed for your environment.
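The rule above, generalized to several destination ports and to IPv6, as an added example that is not part of the original post. The function name emit_rules is hypothetical, and covering ip6tables goes beyond what the post shows. It only prints the commands, so they can be reviewed before being applied.

```bash
#!/bin/sh
# Added example, not from the original post.
# Prints (does not run) idempotent rules that drop outbound TCP to the given
# SSH ports for one local user, for IPv4 (iptables) and IPv6 (ip6tables).
# Usage: emit_rules <username|uid> <port> [port ...]

emit_rules() (
    user=$1
    [ "$#" -ge 2 ] || { echo "usage: emit_rules <user|uid> <port>..." >&2; exit 2; }
    shift

    # Resolve a name to a numeric UID so a typo fails here instead of
    # producing a rule that never gets installed; all-digit input is a UID.
    case $user in
        ''|*[!0-9]*)
            uid=$(id -u -- "$user" 2>/dev/null) ||
                { echo "unknown user: $user" >&2; exit 1; } ;;
        *)  uid=$user ;;
    esac

    # Validate every port before printing anything.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; exit 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
            { echo "bad port: $port" >&2; exit 1; }
    done

    # -C checks whether the rule already exists, so re-running the output
    # does not append duplicates. ip6tables is included because an
    # IPv4-only rule leaves SSH over IPv6 open.
    for cmd in iptables ip6tables; do
        for port in "$@"; do
            spec="OUTPUT -p tcp --dport $port -m owner --uid-owner $uid -j DROP"
            echo "$cmd -C $spec 2>/dev/null || $cmd -A $spec"
        done
    done
)

# When run as a script with arguments, print the rules for them.
if [ "$#" -gt 0 ]; then
    emit_rules "$@"
fi
```

Review the printed commands, then run them as root (for example by piping the output to sh) and save them as described under persistence below.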

Persistence of settings

apt install iptables-persistent
/etc/init.d/iptables-persistent save 
